Page 1 of 1

PHP Logon Script - Simple Script - Annoying problem (Newbie)

Posted: Thu Jul 14, 2005 1:50 am
by Murf
Hey,

Im really new to PHP and really don't know much about it, ive been trying to figure out the script below, for a simple logon box (been googling, but nothing to meet my needs), back ended with mysql. Ive got all the database setup worked out, tables, users, and databases created, and the info in the php script, but when i type in the user and password in the database it just says wrong password and wont do any thing more.

Can any one see a problem with the script?

Thank's A Lot
Murf

Code: Select all

<?php


//Enter MySQL login information
$user="user1";
$pass="pass1";
$server="localhost";
$db="db1";



//Database Information - Variables defined.



//Now define variable which determines output / url direction if creditatals are correct

$output="<a href=\"http://www.google.com\">http://www.google.com</a>";
//Do not change information below this

$mysql_link = mysql_connect($server, $user, $pass);


mysql_select_db($db, $mysql_link);

$sql = "SELECT * FROM testTable WHERE username=\"$_POST[username]\"";

$result= mysql_query($sql, $mysql_link);

if( $_POST[username] AND $_POST[password]){
	if ($result == 0) {
		echo("Username not found, please go back and try again");
	} 
	else {
		$sql= "SELECT password FROM testTable WHERE username = $_POST[username]";
		$result= mysql_query($sql, $mysql_link);
		if (strcmp($result, $_POST[password]) == 0)
		{
			echo($output);
		} 
		else {
			echo("Password that was entered was invalid. Please go back and try again");
		}	
	}	
}
else {

echo("<form action=\"$PHP_SELF\" method=\"POST\">\nUser: <input type=\"text\" name=\"username\">\nPass: <input type=\"text\" name=\"password\">\n<input type=\"submit\" value=\"Submit\"></form>");
}


?>

Posted: Thu Jul 14, 2005 2:22 am
by Burrito
you can check the username and password with one query for starters...secondly, you need to use && as an operator not AND in your if statement and finally here's how your query should look:

Code: Select all

$sql = "SELECT * FROM testTable WHERE username='".$_POST[username]."' and password = '".$_POST['password']."'";
// you should also throw an error if there are problems with your sql.
$result = mysql_query($sql)
  or die(mysql_error());
//now check to see if it was valid or not
if($row = mysql_fetch_assoc($result))
  // all is good, do stuff
else
  //bad user bad Bad BAD user...no soup for you!

Posted: Thu Jul 14, 2005 2:34 pm
by Murf
thank you very much for your help :)

murf